Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Nmap NOT VULNERABLE to Windows DLL Hijacking Vulnerability

From: Fyodor <fyodor () insecure org>
Date: Wed, 8 Sep 2010 15:08:20 -0700
On Sun, Sep 05, 2010 at 07:01:19PM +0530, Nikhil Mittal wrote:

1. Overview
nmap <= 5.21 is vulnerable to Windows DLL Hijacking Vulnerability.


Nmap is not vulnerable.  DLL hijacking works because of an unfortunate
interaction between apps which register Windows file extensions and
the default Windows DLL search path used for those apps.  Nmap does
not, and never has, registered any Windows file extensions.  So it
isn't vulnerable to this issue.


8. Solution
Fixed in latest development release.


We have not made a special new development release, nor are we
planning one.  We do agree that Windows' default DLL search path
handling is dumb, so we have added code in our source repository to
improve that.  It will be included in our next regular release (maybe
in a month or so), along with other proactive security improvements
such as enabling Windows ASLR and DEP support.

Cheers,
Fyodor

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: